How to Construct Random Unitaries

Fermi Ma, Hsin-Yuan Huang

TL;DR

This work resolves the long-standing open question of whether pseudorandom unitaries (PRUs) exist, proving that they do under the assumption that quantum-secure one-way functions exist. The result covers both standard PRUs (secure against adversaries that make forward queries to $U$) and strong PRUs (secure against adversaries that query both $U$ and $U^\dagger$). The authors introduce a path-recording framework, centered on a path-recording oracle $V$ and its purified and compressed variants (pfO, $W$), which replaces Haar randomness with an efficiently simulable process. Using 2-design twirls, auxiliary operators ($E^L$, $E^R$) and a compression map, they show that any polynomial-query algorithm's interaction with a Haar-random unitary can be efficiently simulated, and that the efficiently implementable ensemble $P_{\pi} F_f C$ is indistinguishable from Haar-random to polynomial-time quantum adversaries. The paper gives separate proofs for standard and strong PRUs, including a gluing-lemma-style argument for composing random unitaries, and points to applications in cryptography and to modeling in quantum physics. Overall, the path-recording paradigm gives an elementary, design-based route to PRUs with implications for cryptography, complexity theory, and physics.

Abstract

The existence of pseudorandom unitaries (PRUs) -- efficient quantum circuits that are computationally indistinguishable from Haar-random unitaries -- has been a central open question, with significant implications for cryptography, complexity theory, and fundamental physics. In this work, we close this question by proving that PRUs exist, assuming that any quantum-secure one-way function exists. We establish this result for both (1) the standard notion of PRUs, which are secure against any efficient adversary that makes queries to the unitary $U$, and (2) a stronger notion of PRUs, which are secure even against adversaries that can query both the unitary $U$ and its inverse $U^\dagger$. In the process, we prove that any algorithm that makes queries to a Haar-random unitary can be efficiently simulated on a quantum computer, up to inverse-exponential trace distance.
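
To make the abstract's notion of "computationally indistinguishable from Haar-random" concrete, the following is a worked statement of the security definition, added here as an illustration rather than quoted from the page or the paper; the symbols $\lambda$, $n$, $\mathcal{A}$ and $U_k$ are assumed notation, and the reading of $P_\pi$, $F_f$ and $C$ below is an assumption about the ensemble the TL;DR names.

A PRU is a family $\{U_k\}_{k \in \{0,1\}^{\lambda}}$ of $n(\lambda)$-qubit unitaries, each implementable by a polynomial-size quantum circuit given $k$, such that for every polynomial-time quantum adversary $\mathcal{A}$ with oracle access,

$$\Big|\Pr_{k \leftarrow \{0,1\}^{\lambda}}\big[\mathcal{A}^{U_k}(1^{\lambda}) = 1\big] \;-\; \Pr_{U \leftarrow \mathrm{Haar}(2^{n})}\big[\mathcal{A}^{U}(1^{\lambda}) = 1\big]\Big| \le \mathrm{negl}(\lambda).$$

A strong PRU is defined by the same inequality with the oracle $U$ replaced by the pair $(U, U^{\dagger})$ on both sides, so the adversary may query the inverse as well. Under the assumed reading of the notation, the candidate $U_k = P_{\pi} F_f C$ applies a random Clifford $C$ (a unitary 2-design, which is what the 2-design twirls in the TL;DR act on), then a binary phase $F_f : |x\rangle \mapsto (-1)^{f(x)}|x\rangle$, then a permutation $P_{\pi} : |x\rangle \mapsto |\pi(x)\rangle$; the one-way-function assumption enters by instantiating $f$ and $\pi$ with a quantum-secure pseudorandom function and pseudorandom permutation derived from the key $k$, which is what makes the ensemble efficiently implementable while the proof compares it to the truly random choice of $f$ and $\pi$.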

Paper Structure

This paper contains 80 sections, 41 theorems, and 319 equations.

Key Result

Theorem 1

PRUs exist assuming the existence of any quantum-secure one-way function.

Theorems & Definitions (173)

  • Theorem 1
  • Theorem 2
  • Definition 1
  • Definition 2
  • Definition 3: Haar measure
  • Definition 4: Unitary $t$-design
  • Claim 1: Standard twirling
  • proof
  • Lemma 2.1: Twirling into the distinct subspace
  • proof
  • ...and 163 more